/*
 * Copyright (c) 2017. All  rights reserved.
 * 项目名：microservice-base
 * 文件名：WebSecurityConfig.java
 * Date  ：17-11-16 下午4:51
 * Author：abin
 *
 */

package com.stadium.common.config.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Created by Administrator on 2017/11/14.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    JWTAuthenticationFilter jWTAuthenticationFilter() {
        return new JWTAuthenticationFilter();
    }

    @Bean
    TokenAuthentication tokenAuthenticationSV() {
        return new TokenAuthentication();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // 关闭csrf验证
        http.csrf().disable()
                // 对请求进行认证
                .authorizeRequests()
                //所有的跨域请求全部打开
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .antMatchers("/inner/**").permitAll()
                .antMatchers("/favicon.ico").permitAll()
                .antMatchers("/swagger-ui.html").permitAll()
                .antMatchers("/swagger-resources").permitAll()
                .antMatchers("/v2/api-docs").permitAll()
                .antMatchers("/beans").permitAll()//显示所有的spring bean
                .antMatchers("/autoconfig").permitAll()//显示自动配置信息
                .antMatchers("/configprops").permitAll()//显示配置属性列表
                .antMatchers("/dump").permitAll()//显示线程活动的快照
                .antMatchers("/env").permitAll()//显示应用程序的环境变量
                .antMatchers("/health").permitAll()//显示应用程序的健康指标
                .antMatchers("/info").permitAll()//显示应用的信息
                .antMatchers("/mappings").permitAll()//显示所有的URL路径
                .antMatchers("/metrics").permitAll()//显示应用的度量标准信息
                .antMatchers("/trace").permitAll()//显示跟踪信息
                .antMatchers("/druid/**").permitAll()//显示连接池
                .antMatchers("/**").permitAll()
                .antMatchers("/api/basicsplayer/v1/save").permitAll()
                // 所有 /login 的POST请求 都放行
                .antMatchers(HttpMethod.POST, "/api/loginmanagement/**").permitAll()
                // 所有请求需要身份认证
                .anyRequest().authenticated().and()
                // 添加一个过滤器验证其他请求的Token是否合法
                .addFilterBefore(jWTAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * 忽略静态资源
     *
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/webjars/**")
                .antMatchers("/swagger-resources/**")
                .antMatchers("/file/**")
        ;
        // 可以仿照上面一句忽略静态资源
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }
}
